[Freeipa-devel] certmonger proxy configuration not possible ?

Rob Crittenden rcritten at redhat.com
Wed Aug 3 13:51:38 UTC 2016


Marx, Peter wrote:
> Hi,
>
> I have to access an external PKI server with SCEP protocol through our
> corporate proxy.  On command line I can set the proxy and trigger a CSR
> with the scep-submit helper successfully.

What are you setting, environment variables I assume?

> But same operation with getcert fails, as there is no proxy
> configuration possibility in e.g. certmonger.conf.
>
> How can I work around this?

A quick kludge might be to replace scep-submit with a shell script that 
exports the proxy config and then calls the real scep-submit.

A perhaps better and more supportable idea would be to add a CA pointing 
to this new helper, something like:

getcert add-ca -c exampleSCEPca -e \
     "/usr/libexec/certmonger/scep-submit-proxy -u http://ca.example.com/cgi-bin/pkiclient.exe"

So scep-submit-proxy would set up the environment and call scep-submit.

rob

>
> Peter




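One way to build the scep-submit-proxy wrapper described in the reply above, as an added example that is not part of the original thread or of certmonger itself. The proxy URL, the real helper's path and the use of the http_proxy/https_proxy environment variables are assumptions; the generator validates both inputs because they end up inside a script that certmonger executes.

```sh
#!/bin/sh
# Added example: writes the scep-submit-proxy wrapper suggested in the reply.
# Assumed, not from the thread: the proxy URL, the real helper's path, and that
# scep-submit reads the proxy from http_proxy/https_proxy.

# Accept only http(s) URLs built from a conservative character set, because the
# value is written into a script that certmonger will later execute.
# Credentials (user:pass@) are rejected: the wrapper is world-readable.
valid_proxy_url() {
    case "$1" in
        http://?*|https://?*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9:/._-]*) return 1 ;;
    esac
    return 0
}

# write_wrapper DEST PROXY_URL REAL_HELPER
write_wrapper() {
    dest=$1 proxy=$2 real=$3
    valid_proxy_url "$proxy" || { echo "rejected proxy URL" >&2; return 1; }
    # The real helper must be an absolute, executable path without quotes.
    case "$real" in
        *\'*) echo "rejected helper path" >&2; return 1 ;;
        /*) ;;
        *) echo "helper path must be absolute" >&2; return 1 ;;
    esac
    [ -x "$real" ] || { echo "helper not executable: $real" >&2; return 1; }
    cat > "$dest" <<EOF
#!/bin/sh
# Proxy settings apply to this helper only, not to certmonger as a whole.
http_proxy='$proxy'
https_proxy='$proxy'
export http_proxy https_proxy
exec '$real' "\$@"
EOF
    chmod 0755 "$dest"
}

# Run as: sh make-wrapper.sh DEST PROXY_URL REAL_HELPER
if [ "$#" -eq 3 ]; then
    write_wrapper "$@"
fi
```

Keep the generated wrapper owned by root and not writable by other users, since certmonger runs whatever the CA's helper path points to.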